General

  • Target

    a90f81f79cf29b19978b2c36e5ae8daad4a2e165f3e895cd0483dc9b7eacc8d5

  • Size

    193KB

  • Sample

    221123-3hav1ace25

  • MD5

    45d72831bcdc9d581ac125b8212a6550

  • SHA1

    853ff6eb0afcd3bb9af72431c6276149eea6830c

  • SHA256

    a90f81f79cf29b19978b2c36e5ae8daad4a2e165f3e895cd0483dc9b7eacc8d5

  • SHA512

    dbab39b0838ca1867462a60e8f90e0a09fe153d887718b0d2acdc7e905d844c239aa9de605b54640285bc88c8535878aee19b26657d8d5c0369a88073c762082

  • SSDEEP

    3072:6zW+DiC9iLo+GnHS5GWp1icKAArDZz4N9GhbkrNEkQfH7YyrIXgXjCWBOb:FKwLo7kp0yN90QEffUXg

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks